From e2f5717487f6950ff6253ccce6a967b0ad9ebbea Mon Sep 17 00:00:00 2001 From: Nikias Bassen Date: Fri, 6 Sep 2013 05:52:49 +0200 Subject: Make sure to re-use the DeviceCertificate instead of generating a new one every time This prevented iTunes from using a pairing made by libimobiledevice giving an error that the device sent invalid data. --- common/userpref.c | 15 ++++++++++++++- common/userpref.h | 2 +- src/lockdown.c | 23 +++++++++++++++-------- 3 files changed, 30 insertions(+), 10 deletions(-) diff --git a/common/userpref.c b/common/userpref.c index 571b660..55ab9c4 100644 --- a/common/userpref.c +++ b/common/userpref.c @@ -1115,7 +1115,7 @@ userpref_error_t userpref_device_record_get_keys_and_certs(const char *udid, gnu * * @return 1 if the certificates were successfully retrieved, 0 otherwise */ -userpref_error_t userpref_device_record_get_certs_as_pem(const char *udid, key_data_t *pem_root_cert, key_data_t *pem_host_cert) +userpref_error_t userpref_device_record_get_certs_as_pem(const char *udid, key_data_t *pem_root_cert, key_data_t *pem_host_cert, key_data_t *pem_device_cert) { if (!udid || !pem_root_cert || !pem_host_cert) return USERPREF_E_INVALID_ARG; @@ -1124,6 +1124,7 @@ userpref_error_t userpref_device_record_get_certs_as_pem(const char *udid, key_d uint64_t length = 0; plist_t root_cert = NULL; plist_t host_cert = NULL; + plist_t dev_cert = NULL; if (userpref_device_record_get_value(udid, USERPREF_HOST_CERTIFICATE_KEY, &host_cert) && userpref_device_record_get_value(udid, USERPREF_ROOT_CERTIFICATE_KEY, &root_cert)) { if (host_cert && plist_get_node_type(host_cert) == PLIST_DATA) { @@ -1143,6 +1144,18 @@ userpref_error_t userpref_device_record_get_certs_as_pem(const char *udid, key_d buffer = NULL; } + if (pem_device_cert) { + userpref_device_record_get_value(udid, USERPREF_DEVICE_CERTIFICATE_KEY, &dev_cert); + if (dev_cert && plist_get_node_type(dev_cert) == PLIST_DATA) { + plist_get_data_val(dev_cert, &buffer, &length); + pem_device_cert->data = (unsigned char*)malloc(length); + memcpy(pem_device_cert->data, buffer, length); + pem_device_cert->size = length; + free(buffer); + buffer = NULL; + } + } + return USERPREF_E_SUCCESS; } else { if (pem_root_cert->data) { diff --git a/common/userpref.h b/common/userpref.h index 8e38136..da9d454 100644 --- a/common/userpref.h +++ b/common/userpref.h @@ -75,7 +75,7 @@ LIBIMOBILEDEVICE_INTERNAL userpref_error_t userpref_device_record_get_keys_and_c LIBIMOBILEDEVICE_INTERNAL userpref_error_t userpref_device_record_get_keys_and_certs(const char *udid, gnutls_x509_privkey_t root_privkey, gnutls_x509_crt_t root_crt, gnutls_x509_privkey_t host_privkey, gnutls_x509_crt_t host_crt); #endif LIBIMOBILEDEVICE_INTERNAL userpref_error_t userpref_device_record_set_keys_and_certs(const char *udid, key_data_t * root_key, key_data_t * root_cert, key_data_t * host_key, key_data_t * host_cert); -LIBIMOBILEDEVICE_INTERNAL userpref_error_t userpref_device_record_get_certs_as_pem(const char *udid, key_data_t *pem_root_cert, key_data_t *pem_host_cert); +LIBIMOBILEDEVICE_INTERNAL userpref_error_t userpref_device_record_get_certs_as_pem(const char *udid, key_data_t *pem_root_cert, key_data_t *pem_host_cert, key_data_t *pem_device_cert); LIBIMOBILEDEVICE_INTERNAL userpref_error_t userpref_set_device_record(const char *udid, plist_t device_record); userpref_error_t userpref_remove_device_record(const char *udid); diff --git a/src/lockdown.c b/src/lockdown.c index c0ea645..2b0ab89 100644 --- a/src/lockdown.c +++ b/src/lockdown.c @@ -890,7 +890,13 @@ static lockdownd_error_t generate_pair_record_plist(const char *udid, char* syst key_data_t host_cert = { NULL, 0 }; key_data_t root_cert = { NULL, 0 }; - ret = lockdownd_gen_pair_cert_for_udid(udid, public_key, &device_cert, &host_cert, &root_cert); + userpref_error_t uret = userpref_device_record_get_certs_as_pem(udid, &root_cert, &host_cert, &device_cert); + if ((uret == USERPREF_E_SUCCESS) && (root_cert.size > 0) && (host_cert.size > 0) && (device_cert.size > 0)) { + ret = LOCKDOWN_E_SUCCESS; + } + + if (ret != LOCKDOWN_E_SUCCESS) + ret = lockdownd_gen_pair_cert_for_udid(udid, public_key, &device_cert, &host_cert, &root_cert); if (ret != LOCKDOWN_E_SUCCESS) { return ret; } @@ -1059,6 +1065,12 @@ static lockdownd_error_t lockdownd_do_pair(lockdownd_client_t client, lockdownd_ plist_free(escrow_bag); escrow_bag = NULL; } + + /* store DeviceCertificate upon successful pairing */ + plist_t devcrt = plist_dict_get_item(dict_record, USERPREF_DEVICE_CERTIFICATE_KEY); + if (devcrt && plist_get_node_type(devcrt) == PLIST_DATA) { + userpref_device_record_set_value(client->udid, USERPREF_DEVICE_CERTIFICATE_KEY, plist_copy(devcrt)); + } } } } else { @@ -1366,7 +1378,7 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t key_data_t pem_root_cert = { NULL, 0 }; key_data_t pem_host_cert = { NULL, 0 }; - uret = userpref_device_record_get_certs_as_pem(udid, &pem_root_cert, &pem_host_cert); + uret = userpref_device_record_get_certs_as_pem(udid, &pem_root_cert, &pem_host_cert, NULL); if (USERPREF_E_SUCCESS == uret) { /* copy buffer for output */ membp = BIO_new(BIO_s_mem()); @@ -1505,7 +1517,7 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t gnutls_datum_t pem_root_cert = { NULL, 0 }; gnutls_datum_t pem_host_cert = { NULL, 0 }; - uret = userpref_device_record_get_certs_as_pem(udid, &pem_root_cert, &pem_host_cert); + uret = userpref_device_record_get_certs_as_pem(udid, &pem_root_cert, &pem_host_cert, NULL); if (USERPREF_E_SUCCESS == uret) { /* copy buffer for output */ @@ -1560,11 +1572,6 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t gnutls_free(der_pub_key.data); #endif - /* save device cert in config */ - if (odevice_cert->size) { - userpref_device_record_set_value(udid, USERPREF_DEVICE_CERTIFICATE_KEY, plist_new_data((char*)odevice_cert->data, (uint64_t)odevice_cert->size)); - } - return ret; } -- cgit v1.1-32-gdbae